James Cox reports: A Dublin cybersecurity researcher, Aaron Costello, has found that 1.1 million NHS employee records were leaked online because of improper configuration settings in Microsoft Power Pages, a software platform used by over 250 million people a month to build websites. Mr Costello, who works with AppOmni, previously discovered a computer glitch meant the HSE’s…
Pacific Pulmonary Medical Group patient information dumped by Everest Ransomware Team
The Pacific Pulmonary Medical Group (PPMG) in California has a significant data breach problem, but if you were to visit its website today, you’d have no clue that anything is amiss. On October 25, Everest Team added PPMG to its dark web leak site. The unencrypted personal and protected health information that they subsequently dumped…
UK: Prison layouts reportedly leaked on dark web
Lucy Clarke-Billings reports: The Ministry of Justice has said it is aware of a data breach affecting prisons in England and Wales. Confidential prison layouts had been leaked onto the dark web in the past two weeks, according to The Times. A former prison governor told the paper organised crime groups could potentially use the information…
Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’
Bill Toulas reports: Russian state hackers APT28 (Fancy Bear/Forest Blizzard/Sofacy) breached a U.S. company through its enterprise WiFi network while being thousands of miles away, by leveraging a novel technique called “nearest neighbor attack.” The threat actor pivoted to the target after first compromising an organization in a nearby building within the WiFi range. The attack…
What You Need to Know about China’s Regulations on the Management of Network Data Security
Clyde & Co write: The new Regulations on the Management of Network Data Security (《网络数据安全管理条例》) [1] (the “Regulations”) were issued by the State Council of the People’s Republic of China (“China”) on 24 September 2024 and will come into force on 1 January 2025. With a focus on network data [2], the Regulations supplemented and…
Ransomware: Hunters International decentralizes storage
Reporting this via a Google translation of an article originally published in French. Valéry Rieß-Marchive reports: The brand provides its affiliates with Linux software allowing them to maintain complete control over the data stolen from their victims. The file is called “storage_linux_x64.” It is an executable for Linux. It is among the data of two…